Exam SY0-701 topic 1 question 11 discussion

It is already known that the message is not being sent from the CEO, & awareness of this attack should be known among the company by using the proper training to identify when an attacker is smishing using employee likeness. It is not known if devices are compromised, but if employees are aware of the situation, then that can be figured out as well.

A fraudulent message was sent without spoofing the sender's number, indicating the message did not come from a legitimate source and the phone wasn't stolen. Therefore, we don't need to change numbers or conduct a forensic investigation on the CEO's phone. We will first inform the employees about the current smishing attack. Then, adjust the annual Company training to include awareness of and protection against similar smishing attacks.

B. Add a smishing exercise to the annual company training Smishing is a type of phishing attack via text messages. Incorporating it into annual company training will help employees recognize such fraudulent attempts and improve overall security awareness. C. Issue a general email warning to the company This will quickly alert all employees about the specific phishing attempt and provide guidance on how to handle such situations, reducing the risk of future incidents.

The best responses are to train employees through a smishing exercise and alert the entire company through an email warning to prevent further attacks.

A fraudulent message was sent without the sender's number being spoofed, confirming it did not originate from a legitimate source and that the phone has not been stolen. Consequently, there is no need to change numbers or conduct a forensic investigation on the CEO's phone. Our immediate action will be to inform employees about the ongoing smishing attack. Additionally, we will update the annual company training to include awareness and prevention of similar smishing attacks.

Proper training to identify smishing and Employee awareness.

BC seems to be the most reasonable options. As the company with need to be trained and made aware of such attacks so they do not fall victim to this in the future.

How not implementing Mobile Device Management is gonna help on the situation? Technical measures are more importante than annual trainings? stop asking GTP for responses and think

In this scenario, employees have received a fraudulent text message impersonating the CEO, aiming to trick them into purchasing and sending gift cards. The attack is a classic example of smishing, a type of phishing conducted through SMS Add a smishing exercise to the annual company training-Training employees through realistic exercises will prepare them for recognizing smishing attempts in the future. They will learn how to spot red flags in messages that seem urgent and authoritative but are suspicious in nature. Issue a general email warning to the company-o Alerting the organization helps contain the threat and reduces the chance of employees inadvertently engaging with the scam. It is an immediate response that mitigates risk by stopping the scam in its tracks.

These are the correct answers. General email warnings to the employees and there’s a need for more trainings.

A fraudulent message was used, and the sender's number was not spoofed, meaning the message didn't come from a legitimate source. The question didn't mention the phone was stolen either. Therefore, we don't need to change numbers or conduct a forensic investigation on the CEO's phone. First, we will inform the employees about the current smishing attack. Then, we will adjust our annual company training to include protection against smishing attacks.

BC, I eliminated the incorrect questions to this one.

B. Add a smishing exercise to the annual company training. C. Issue a general email warning to the company.

Correct Answer: BC